产品中心

By Celeste Biever The unique sounds a keyboard makes as different keys are hit can now be transformed into a reasonable transcription of what was typed, using a new technique developed by computer scientists. Nefarious hackers could use the technique to eavesdrop on passwords, personal emails and confidential company reports, using nothing but a recording taken with a hidden microphone. “This is spying,” says Bruce Schneier, a security expert and cryptographer based in Mountain View, California, US. “It’s definitely a security risk.” Although which key makes which sound is unknown and will vary depending on the keyboard and the person, machine learning and the structure of the English language is used to work it out. The new eavesdropping method is in contrast to one developed by researchers at IBM, who in 2004 used the unique vibrations produced by each key, along with a copy of what the person was typing, to assign a letter to each sound and then to transcribe new typed sounds. “The main contribution of our paper is that we do this blind and with no training info,” says Doug Tygar, the computer scientist at the University of California, Berkeley, US, who devised the new technique with colleagues Li Zhuang and Feng Zhou. He claims that system needs only 10 minutes’ worth of typing recorded using off-the-shelf audio recorders and microphones. Each key hits a different part of the keyboard’s plastic under-plate, resulting in a slightly different sound. The algorithm separates the keystrokes and divides them into 50 classes depending on similarities in frequency and amplitude. The next step is to it map these classes to the different keys, using the probability of two letters being next to each other in a word. This is done using a knowledge of which pairs of characters, known as “digrams” are common, less common and totally forbidden. “Th” and “er” are common, “qu” is less common and “bf” is totally forbidden. This technique alone maps 60% of the keystrokes correctly, the researchers claim. But Tygar’s team also applies spelling rules, which correct words from the transcription that do not make sense, such as “tre”, and grammar, which cuts out unlikely combinations such as “the a”. Word options that have fewer than one-quarter of the characters corrected are then kept and the rest discarded, and the digram algorithm is reapplied. The process is repeated and the result is a mapping with 92% of the characters correct. These can then be used to transcribe further recordings. “It’s quite readable,” writes Edward Felten, a computer scientist at Princeton University in New Jersey, in his blog. In an experiment, Tygar’s team found that even random assortments of characters, such as passwords, could also be estimated using the software. Provided they were buried in a lot of good English, they found that about one in 20 times the software would get the password completely right, arriving at good approximations the rest of the time. Although this does not sound very accurate, it is trivial for a hacker to try 20 different possible passwords. But Schneier points out that this is unnecessary: “If I can read everything you type, I don’t care about your password.” There are limitations as to what the software can transcribe as it currently recognises only lower case letters and the “space”, “full stop”, “comma” and “enter” keys. Tygar believes the algorithm could be tweaked to recognise the delete key because people use it in a very distinctive way, often hitting up to 10 times in a row. But numbers are harder as there are no forbidden combinations. It could be done, he says, perhaps using other techniques such as a knowledge of the spatial location of the numbers on the keyboard and relating that to the level of similarity in the sounds. The algorithm was also trained with a cellphone ringing in the background, and was still successful. But a second typist in the room might pose a problem, says Tygar, who envisions a hacker parking a car outside an open window, and leaving a long-range microphone trained on the target, to record key strokes. The algorithm has been programmed in English, but most other languages should be possible as they contain similar digrams and spelling and grammar rules, Tygar says. “We have not tried experiments in other languages, but we don’t see any barrier at all,” he adds. The paper will be presented at the Conference on Computer and Communications Security in Alexandria,